German Top Startup Launches Crowdfunding Project Nitrokey Storage

The market for information security is increasing with every cyber attack that makes it into the news and every technology related issue that could have caused it. But what solutions are solid? Which startups should you keep an eye on? We spotted a very promising company from Germany, which goes by the name Nitrokey. They have started their crowdfunding project today on Indiegogo and if you have an interest in information security for private or professional reasons we strongly recommend to check them out.

Crowdfunding Campaign Goals

The goal of our crowdfunding campaign is to finalise development of the Nitrokey Storage and to produce the first batch of devices. A beta version of Nitrokey Storage is currently available.

What can you use Nitrokey Storage for?

Secure login on the web

Secure login to network services, local computers and for access control

Secure key storage for email encryption

Mobile-encrypted file storage

Hard disk and file encryption

To protect server- and PKI-keys

Nitrokey Storage Features

Encryption of emails, hard drives, and other data via a highly secure smart card. Secure keys are protected by the hardware.

Secure login on the web and protection against identity theft via one-time passwords.

What does the Nitrokey Storage protect against?

In case of loss or theft the secure encryption keys and encrypted data remain secure, even withstanding sophisticated attacks with laboratory equipment.

Intelligence services try to backdoor security equipment. Because Nitrokey is available as open-source, everybody can check it for backdoors.

In situations such as border controls the user can reveal a wrong password and technically it can’t be proven that a hidden encrypted area exists containing further data.

User error can result in sending and revealing secret encryption keys. Nitrokey prevents this potentiality by keeping all secret keys secure in its hardware.

Malicious firmware updates (e.g. BadUSB) are prevented by using a dedicated password for firmware updates. Installed firmware can be exported and verified.

The Nitrokey team

Jan Suhr
Coordination and architecture – The cofounder has more than eight years of experience in IT security, having previously worked between Germany and Singapore for a large IT consulting firm. He campaigns for data privacy, data security and open source on a volunteer basis.

George Gkitsas
Nitrokey App and Pro software engineer – George is involved in the Nitrokey project since he was a Google Summer of Code student. His main focus are Nirokey Pro firmware and Nitrokey App development.

Nitrokey’s vision

Slogan: Secure your digital life

Vision: Nitrokey works similarly to a classical latchkey as a key for your digital home. Nitrokey is a secure and easy-to-use key that should be used in all instances where passwords are required.

What happens if I lose my Nitrokey Storage?

Access is PIN-protected and after six wrong entries the Nitrokey locks itself irrevocably and effectively destroys all data. This way your data remains secure. A short PIN is sufficiently secure, because only six passport attempts are possible and brute force attacks are prevented by the hardware.

Secret keys can be backed up during its initialisation, so that the encryption keys can still be used in case the device is lost or damaged.

How large is the storage capacity?

The Nitrokey Storage will be available in several options. You can go for the 8, 32 or 64 GB storage unit.

How secure is Nitrokey Storage?

An integrated OpenPGP smart card protects against cryptographic side-channel attacks and hardware attacks. Even attacks with advanced laboratory equipment can be withstood.

The secure architecture results in encryption of all sensitive data by the smart card.

Cure53, a company specialising in security audits, has already reviewed the hardware and firmware of Nitrokey Storage and has deemed it secure.

Further facts about the crowdfunding campaign

What will the money be used for?

The Nitrokey Enterprise

IT security is currently one of the dominant topics in the media. Global hacker attacks and surveillance scandals continually shake the foundations of our world. Nitrokey’s mission is to protect the digital identity and data of all personal and corporate computer users. Nitrokey was founded in January 2015 in Berlin and has already been voted Germany’s #12 tech startup.

Founder and CEO Jan Suhr has more than eight years of experience in IT security, having previously worked between Germany and Singapore for a large IT consulting firm. He campaigns for data privacy, data security and open-source on a volunteer basis and has also worked on development programs in Afghanistan.

The History

In 2008 Jan Suhr, Rudolf Böddeker and another friend were traveling and found themselves looking to use encrypted emails in internet cafés, which meant the secret keys had to remain secure against computer viruses and Trojans. Some proprietary USB dongles existed at the time, but were either technically insufficient or were not available for use by private persons. So without further ado they started developing an appropriate USB key themselves. The three friends released the Crypto Stick as open-source hardware on 27 December 2009. In the years to follow the Crypto Stick became popular in the open-source and security community and almost 1000 devices were produced and distributed on a non-profit basis. On 1 January 2015 Crypto Stick was renamed Nitrokey, in order to both professionalize the project and account for its users’ high standards. It was then that the company was born.

Existing Nitrokey products

Nitrokey currently offers four highly secure solutions that cost between €19 and €49:

Nitrokey Pro and Nitrokey Start are suitable for the secure encryption of emails, files and hard disks, as well as for secure login on the web, in network services and on local computers.

Nitrokey U2F supports Google’s new and very easy-to-use login mechanism FIDO Universal 2nd Factor, which should prove to be highly successful.

Nitrokey HSM addresses the providers of security servers, as well as businesses that wish to operate their own PKI.

More Information

Check out their FAQ and an overview of information on the official homepage. This looks definitely interesting!